Lucene search
K
WpvulndbMost viewed

14603 matches found

WPVulnDB
WPVulnDB
added 2021/09/06 12:0 a.m.24 views

Enfold Theme < 4.8.4 - Reflected Cross-Site Scripting (XSS)

The Enfold theme was vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder. PoC The issue appears when pagination comes in place while navigating on a WordPress site with Enfold theme active. When that...

6.1CVSS0.2AI score0.02959EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/28 12:0 a.m.24 views

Duplicate Page < 4.4.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape the Duplicate Post Suffix settings before outputting it, which could allow high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. The attempt to fix the issue in 4.4.2 is insufficient and...

4.8CVSS1.1AI score0.0087EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/13 12:0 a.m.24 views

Calendar_plugin <= 1.0 - Reflected Cross-Site Scripting

The Calendarplugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /calendar.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.3AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/09 12:0 a.m.24 views

Clean Login 1.12.6.3 - Reflected Cross-Site Scripting

The plugin does not escape the url parameter in its login form page, leading to a Reflected Cross-Site Scripting issue PoC Append the following payload on a page where the clean-login shortcode is embed: ?url=" Example: https://example.com/clean-login/?url="...

6.5AI score
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/06 12:0 a.m.24 views

Paid Member Subscriptions < 2.4.2 - Authenticated SQL Injection

The plugin did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, leading to Authenticated SQL Injections in the Members and Payments pages. PoC http://www.example.com/wp-admin/admin.php?page=pms-members-page=userid=asc,select from selectsleep10a...

8.8CVSS0.4AI score0.01713EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/27 12:0 a.m.24 views

uListing < 2.0.6 - Settings Update via CSRF

A Settings Update via CSRF vulnerability was discovered in the plugin. Missing WPNonce security tokens https://codex.wordpress.org/WordPressNonces . PoC PoC 1 | CSRF | Main Settings Update: POST /wp-admin/admin-ajax.php HTTP/2 Host: example.com Cookie: admin cookies User-Agent: Mozilla/5.0...

4.3CVSS0.2AI score0.00423EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/07 12:0 a.m.24 views

WP Upload Restriction < 2.2.5 - Missing Access Control in deleteCustomType

Missing access control in deleteCustomType function allows authenticated users, such as subscribers, to delete custom extensions...

4.3CVSS4.8AI score0.0069EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/29 12:0 a.m.24 views

Popup box < 2.3.4 - Authenticated Blind SQL Injections

The getayspopupboxes and getpopupcategories functions of the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard PoC Exploit All of them with same technique...

6.5CVSS0.01362EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/28 12:0 a.m.24 views

Yada Wiki < 3.4.1 - Contributor+ Stored XSS

The plugin did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue PoC - Create a wiki page. If there is already a page, you can skip. The page can be a draft. - Add this shortcode to a post/page, view it and move the mouse over...

3.5CVSS0.6AI score0.00547EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/21 12:0 a.m.24 views

Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. PoC Add the...

6.1CVSS2.1AI score0.00412EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/14 12:0 a.m.24 views

Jannah < 5.4.5 - Reflected Cross-Site Scripting (XSS)

The theme did not properly sanitize the 'query' POST parameter in its tieajaxsearch AJAX action, leading to a Reflected Cross-site Scripting XSS vulnerability. PoC POST /demo/wp-admin/admin-ajax.php HTTP/1.1 Host: jannah.tielabs.com User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:89.0...

6.1CVSS0.9AI score0.02697EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/07 12:0 a.m.24 views

WordPress Popular Posts < 5.3.3 - Authenticated Code Injection

Jerome Bruandet from NinTechNet discovered a code injection issue in the plugin before 5.3.3: "When thumbnails settings are set to 'Custom field name' and 'Resize image from Custom field' they aren’t by default, a user with contributor role or above can bypass the file type verification, download...

2AI score
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/07 12:0 a.m.24 views

WP Google Maps < 8.1.12 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue Note: The vendor attributed the issue in the changelog to the wrong reporter us, WPScan, as we reported it on behalf of th...

5.4CVSS5.1AI score0.02339EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/17 12:0 a.m.24 views

Car Repair Services < 4.0 - Unauthenticated Reflected XSS & XFS

The theme did not properly sanitise its serviceestimatekey search parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue PoC https://smartdata.tonytemplates.com/car-repair-service-v4/car1/estimateresult/result?s==...

6.1CVSS0.3AI score0.03884EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/16 12:0 a.m.24 views

Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities

The theme did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues - Unauthenticated Reflected XSS | Search query, vulnerable parameters: keywordsearch and locationsearch - Authenticated Persistent XSS & XFS |...

6.1CVSS0.8AI score0.00932EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/27 12:0 a.m.24 views

WPGraphQL < 1.3.6 - Denial of Service

The plugin suffers from a Denial of Service vulnerability by Field Duplication. It is possible to create an expensive query by duplicating the number of fields, while simultaneously sending these requests in batches using GraphQL's Batching capability. v1.3.6 added a setting to disable batch...

6.3AI score
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/23 12:0 a.m.24 views

Redirect 404 to Parent < 1.3.1 - Reflected Cross-Site Scripting (XSS)

The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/options-general.php?page=moove-redirect-settings=" onMouseOver="alert1;...

4.3CVSS6AI score0.13942EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/19 12:0 a.m.24 views

Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS)

The plugin did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue PoC /wp-admin/admin.php?page=popup-wp-supsystic="onmouseover=alert1//...

4.3CVSS0.8AI score0.18165EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/10 12:0 a.m.24 views

Classyfrieds <= 3.8 - Authenticated Arbitrary File Upload to RCE

The plugin does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE. PoC POST /addalisting/ HTTP/1....

6.5CVSS0.01906EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/26 12:0 a.m.24 views

Patreon WordPress < 1.7.0 - CSRF to Disconnect Sites From Patreon

The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the plugin, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link...

4.3CVSS4.6AI score0.00575EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/25 12:0 a.m.24 views

Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain

The runaction function of the plugin deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution. PoC Step 1: Use the nonce...

6.8CVSS8.7AI score0.0352EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/17 12:0 a.m.24 views

Elementor < 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget

In the plugin, the icon box widget includes/widgets/icon-box.php accepts a ‘titlesize’ parameter. Although the element control lists a fixed set of possible html tags, it is possible for a user with Contributor or above permissions to send a modified ‘savebuilder’ request containing JavaScript in...

3.5CVSS0.3AI score0.00746EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/23 12:0 a.m.24 views

Photo Gallery by 10web < 1.5.69 - Reflected Cross-Site Scripting (XSS)

The plugin did not properly sanitise the bwgsearchX GET parameter, available in a frontend gallery when the Show Search Box setting is enabled disabled by default, leading to a reflected Cross-Site Scripting issue PoC Append the below payload in a page with an embedded gallery and the Show Search...

1.4AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/11/20 12:0 a.m.24 views

Easy Registration Forms <= 2.0.6 - CSV Injection

Easy Registration Forms ER Forms Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable...

6.8CVSS3AI score0.02144EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/10/05 12:0 a.m.24 views

Post Grid < 2.0.73 & Team Showcase < 1.22.16 - PHP Object Injection

Ram Gall from Wordfence discovered an authenticated subscriber+ PHP Object Injection vulnerability in the Post Grid and Team Showcase WordPress plugins...

6CVSS8.8AI score0.02082EPSS
Exploits2References3Affected Software2
WPVulnDB
WPVulnDB
added 2020/08/20 12:0 a.m.24 views

WP Customer Reviews < 3.4.3 - Multiple Unauthenticated and Low Priv Authenticated Stored XSS

Multiple stored cross-site scripting vulnerabilities in WP Customer Reviews 3.4.2 and lower allow remote attackers to inject arbitrary JavaScript code or HTML. PoC If WP Customer Reviews is enabled on a page, an unauthenticated attacker can exploit XSS via review form's parameters: - Reviewer Nam...

1.3AI score0.01085EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2020/08/20 12:0 a.m.24 views

Advanced Access Manager < 6.6.2 - Authenticated Information Disclosure

The plugin’s aam/v1/authenticate and aam/v2/authenticate REST endpoints were set to respond to a successful login with a json-encoded copy of all metadata about the user, potentially exposing users’ information to an attacker or low-privileged user. This included items like the user’s hashed...

4CVSS0.8AI score0.01059EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/06/25 12:0 a.m.24 views

Coming Soon Page, Under Construction & Maintenance Mode by SeedProd < 5.1.2 - Authenticated Stored Cross Site Scripting (XSS)

Authenticated stored cross-site scripting issues in some of the plugin settings, requiring high privileges. PoC Affected fields are in the settings of the plugin and will be triggered when the common soon page is displayed either the preview or normal one: Logo: x' onerror='alert/XSS/ Headlines:...

3.5CVSS1.3AI score0.03757EPSS
Exploits5References3Affected Software1
WPVulnDB
WPVulnDB
added 2020/05/28 12:0 a.m.24 views

bbPress < 2.6.5 - Authenticated Stored Cross-Site Scripting via the forums list table

binit discovered a stored XSS issue via the forums list table. The payload is put and can only be triggered by accounts with the Keymaster bbPress role...

3.5CVSS2.2AI score0.01389EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/05/04 12:0 a.m.24 views

Advanced Order Export For WooCommerce < 3.1.4 - Authenticated Cross-Site Scripting (XSS)

The Advanced Order Export plugin for WooCommerce versions 3.1.4 had a reflected XSS vulnerability due to lack of input sanitization on the woeposttype parameter. This allowed arbitrary HTML and JavaScript injection and execution in the context of the logged in user. PoC On a WooCommerce...

4.3CVSS1.1AI score0.01955EPSS
Exploits4References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/03/23 12:0 a.m.24 views

Cookiebot < 3.6.1 - Authenticated Reflected Cross-Site Scripting (XSS)

Versions prior to 3.6.1 are susceptible to this attack, which allows hackers to exploit the vulnerability found on administrative pages...

4.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/03/16 12:0 a.m.24 views

Newsletter < 6.5.4 - CSV Injection

A CSV Injection vulnerability was discovered in Wordpress Newsletter plugin. It allows a user with low level privileges or no privileges to inject a command in subscription form that will be included in the exported CSV file, leading to possible code execution...

3.5AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/02/27 12:0 a.m.24 views

Modern Events Calendar Lite < 5.1.7 - Multiple Subscriber+ Stored XSS

Modern Events Calendar Lite registers a number of AJAX actions for logged-in users. Some of these actions allow low-privileged users like subscribers to manipulate settings and other stored data. When exploited in this way, the affected data can be injected with various XSS payloads...

3.5CVSS3.9AI score0.01024EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/11/12 12:0 a.m.24 views

WP Intercom Slack <= 1.2.2 - Slack Access Token Disclosure

The Intercom plugin through 1.2.2 leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack channels, members, etc...

5CVSS2.9AI score0.01919EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/11 12:0 a.m.24 views

AdRotate Banner Manager <= 5.2 - Authenticated SQL Injection

The vendor states: "Earlier this week I was contacted by a security research firm who has apparently been poking around in the code of AdRotate and they found an issue in AdRotate Free. Upon checking the code following their advisory I found a potential weak point in AdRotate Pro as well. Though...

6.5CVSS0.6AI score0.01502EPSS
Exploits0References5Affected Software1
WPVulnDB
WPVulnDB
added 2019/06/24 12:0 a.m.24 views

Ultimate Member < 2.0.52 - CSRF and Stored XSS issues

A CSRF vulnerability in adding/editing user roles in Ultimate Member 2.0.49. It also lead to stored XSS. Edit WPScanTeam: July 9th, 2019 - v2.0.50 released and still affected. Escalated to WP Plugins Team July 9th, 2019 - v2.0.51 released, fixing the CSRF but not the XSS July 11th, 2019 - Escalat...

3.5CVSS5.1AI score0.00886EPSS
Exploits3Affected Software1
WPVulnDB
WPVulnDB
added 2019/06/22 12:0 a.m.24 views

Import users from CSV with meta <= 1.14.1.3 - CSRF leading to attachment deletion & Path Traversal

CSRF leading to attachment deletion via the acuideleteattachment AJAX function...

5CVSS5.2AI score0.0232EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/06/19 12:0 a.m.24 views

Sina Extension For Elementor <= 2.2.0 - LFI

The Sina Extension for Elementor WordPress plugin was affected by a LFI security vulnerability...

5CVSS2.7AI score0.02386EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/06/07 12:0 a.m.24 views

ConvertPlus <= 3.4.4 - Multiple Issues

According to the changelog: 3.4.5 - Security: User with none role gets created on form submission by curl request for variants. 3.4.4 - Improved sanitization, escaping and other security improvements...

5CVSS1.8AI score0.0162EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/05/28 12:0 a.m.24 views

Slick Popup <= 1.7.1 - Privilege Escalation

Subscriber users are able to create an administrator account with hardcoded login credentials. PoC Hardcoded username "slickpopupteam" and its password is OmakPass13...

6.5CVSS3.1AI score0.02071EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/05/20 12:0 a.m.24 views

FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored XSS

The vulnerable function is exposed to unauthenticated users over wpajaxnoprivfvwpflowplayeremailsignup ajax hook. It saves anything that user provides in email POST parameter. PoC Send POST request to wp-admin/admin-ajax.php with body content: "[email protected]" The...

4.3CVSS2.3AI score0.02022EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/04/22 12:0 a.m.24 views

WP Database Backup < 5.1.2 - XSS

The WP Database Backup WordPress plugin was affected by a XSS security vulnerability...

4.3CVSS2.1AI score0.00946EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2019/03/26 12:0 a.m.24 views

article2pdf - Multiple Vulnerabilities

The article2pdf WordPress plugin was affected by a Multiple Vulnerabilities security vulnerability...

7.5CVSS2.1AI score0.04361EPSS
Exploits3References2Affected Software1
WPVulnDB
WPVulnDB
added 2019/03/14 12:0 a.m.24 views

Import users from CSV with meta <= 1.14.0.2 - XSS and CSRF

The Import and export users and customers WordPress plugin was affected by a XSS and CSRF security vulnerability...

6.8CVSS3.6AI score0.00932EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/12/13 12:0 a.m.24 views

WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins

Description According to WordPress: "Tim Coen also discovered that specially crafted URL inputs could lead to a cross-site scripting vulnerability in some circumstances. WordPress itself was not affected, but plugins could be in some situations."...

6.1CVSS7.1AI score0.05052EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2018/09/04 12:0 a.m.24 views

Contact Form 7 <= 5.0.3 - register_post_type() Privilege Escalation

According to the official release: "A privilege escalation vulnerability has been found in Contact Form 7 5.0.3 and older versions. Utilizing this vulnerability, a logged-in user in the Contributor role can potentially edit contact forms, which only Administrator and Editor-role users are allowed...

7.5CVSS1.9AI score0.02022EPSS
Exploits0References6Affected Software1
WPVulnDB
WPVulnDB
added 2018/08/26 12:0 a.m.24 views

Ajax BootModal Login <= 1.4.3 - Captcha Reuse

The Ajax BootModal Login WordPress plugin was affected by a Captcha Reuse security vulnerability...

5CVSS2.5AI score0.0095EPSS
Exploits0Affected Software1
WPVulnDB
WPVulnDB
added 2018/08/16 12:0 a.m.24 views

Chained Quiz <= 1.0.8 - Unauthenticated SQL Injection

WordPress Plugin Plugin Chained Quiz before 1.0.9 allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. Technical details: Chained Quiz appears to be vulnerable to time-based SQL-Injection. The issue lies on the "$answer" backend variable...

7.5CVSS3.6AI score0.02686EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2018/05/01 12:0 a.m.24 views

Form Maker by WD < 1.12.24 - CSV Injection

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin was affected by a CSV Injection security vulnerability...

6.8CVSS2.4AI score0.04672EPSS
Exploits5References3Affected Software1
WPVulnDB
WPVulnDB
added 2018/04/06 12:0 a.m.24 views

WordPress File Upload <= 4.3.3 - Cross-Site Scripting (XSS)

The WordPress File Upload WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.5AI score0.03844EPSS
Exploits6References2Affected Software1
Total number of security vulnerabilities5000